Last active
May 22, 2024 01:51
-
-
Save jschlackman/01c3182b9d0ed984715b83bb4cc91cab to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# | |
| Name: Get-OldADMachines.ps1 | |
| Author: James Schlackman | |
| Last Modified: May 20 2024 | |
| 1. Finds computer accounts that have been inactive for more than specified time period and optionally disables them | |
| 2. Finds computer accounts that have been disabled for more than specified time period and optionally deletes them | |
| #> | |
| #Requires -Modules ActiveDirectory | |
| Param( | |
| [Parameter()] [String[]] $SearchOUs = 'OU=Workstations,DC=contoso,DC=com', | |
| [Parameter()] [String] $DisabledOU = 'OU=Retired,OU=Workstations,DC=contoso,DC=com', | |
| [Parameter()] [Int] $DaysInactive = 180 | |
| [Parameter()] [Boolean] $DisableDormantAccounts = $false, | |
| [Parameter()] [Boolean] $DeleteOldDisabledAccounts = $true | |
| ) | |
| Import-Module ActiveDirectory | |
| $DisableAccounts = $null | |
| $time = (Get-Date).Adddays(-($DaysInactive)) | |
| $QueryProperties = 'LastLogonTimestamp', 'OperatingSystem', 'PwdLastSet', 'OperatingSystemServicePack', 'SerialNumber', 'description' | |
| # Properties to be used for query output | |
| $DisplayProps = 'Name', | |
| 'OperatingSystem', | |
| 'Description', | |
| @{N='SerialNumber'; E={$_.SerialNumber[0]}}, | |
| @{N='LastLogonTimestamp'; E={[DateTime]::FromFileTime($_.LastLogonTimestamp)}}, | |
| @{N='PwdLastSet'; E={[DateTime]::FromFileTime($_.PwdLastSet)}}, | |
| 'DistinguishedName' | |
| If ($DisableDormantAccounts) { | |
| # Find inactive/dormant computer accounts | |
| $SearchOUs | ForEach-Object { | |
| $DisableAccounts += Get-ADComputer -SearchBase $_ -SearchScope Subtree -Filter {(LastLogonTimestamp -lt $time) -And (Enabled -eq $True)} -Properties $QueryProperties | |
| } | |
| If ([bool]@($DisableAccounts)) { | |
| Write-Host "`nInactive accounts found: $(@($DisableAccounts).Count)`nSee grid export for details and select accounts to be disabled.`n" | |
| $SelectedAccounts = $DisableAccounts | Select $DisplayProps | Out-GridView -OutputMode Multiple -Title ('Computer accounts that have been dormant for {0} days' -f $DaysInactive) | |
| # If accounts were selected to be disabled | |
| If ($SelectedAccounts) { | |
| # Confirm account action | |
| Write-Host ('Do you want to disable the {0} selected inactive computer accounts now? ' -f @($SelectedAccounts).Count) -ForegroundColor Red -NoNewline | |
| If ((Read-Host '[y/N]').ToUpper() -eq 'Y') { | |
| $SelectedAccounts | ForEach-Object { | |
| # Disable accounts | |
| Disable-ADAccount -Identity $_.DistinguishedName -Confirm:$false | |
| # Move disabled objects to specified OU | |
| Move-ADObject -Identity $_.DistinguishedName -TargetPath $DisabledOU -Confirm:$false | |
| } | |
| # Output log | |
| $OutputPath = "$(Get-Date -Format yyMMdd-HHmm) Inactive Computer Accounts.csv" | |
| Write-Host 'Exporting log to ' -NoNewline | |
| Write-Host $OutputPath -ForegroundColor Green | |
| $SelectedAccounts | Export-CSV -Path $OutputPath -NoTypeInformation | |
| } | |
| } | |
| } | |
| } | |
| If ($DeleteOldDisabledAccounts) { | |
| # Find disabled computer accounts that have been dormant for the selected period (including those disabled above) | |
| $PurgeAccounts = Get-ADComputer -SearchBase $DisabledOU -SearchScope Subtree -Filter {LastLogonTimestamp -lt $time} -Properties $QueryProperties | |
| Write-Host "`nDisabled accounts found: $(@($PurgeAccounts).Count)" | |
| If ($PurgeAccounts) {Write-Host "See grid export for details and select accounts to be deleted.`n"} | |
| $SelectedAccounts = $PurgeAccounts | Select $DisplayProps | Out-GridView -OutputMode Multiple -Title ('Disabled computer accounts that have been dormant for {0} days' -f $DaysInactive) | |
| # If accounts were selected for deletion | |
| If ($SelectedAccounts) { | |
| # Confirm account action | |
| Write-Host ('Do you want to PERMENANTLY DELETE the {0} selected disabled computer accounts now? ' -f @($SelectedAccounts).Count) -ForegroundColor Red -NoNewline | |
| If ((Read-Host '[y/N]').ToUpper() -eq 'Y') { | |
| # Delete disabled accounts | |
| $SelectedAccounts | ForEach-Object {Remove-ADObject -Identity $_.DistinguishedName -Recursive -Confirm:$false} | |
| # Output log | |
| $OutputPath = "$(Get-Date -Format yyMMdd-HHmm) Disabled Computer Accounts.csv" | |
| Write-Host 'Exporting log to ' -NoNewline | |
| Write-Host $OutputPath -ForegroundColor Green | |
| $SelectedAccounts | Export-CSV -Path $OutputPath -NoTypeInformation | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment